# Concepts

- [Guardian & Interceptor](https://docs.spyderbat.com/concepts/guardian.md)
- [Ruleset Policies](https://docs.spyderbat.com/concepts/guardian/ruleset_policies.md)
- [Workload Policies](https://docs.spyderbat.com/concepts/guardian/workload_policies.md): Workload Policies define allowed process and network activity for containers and Linux services, alerting or blocking deviations from expected behavior.
- [Flashback (Go Back In Time)](https://docs.spyderbat.com/concepts/flashback.md)
- [Investigations](https://docs.spyderbat.com/concepts/flashback/investigations.md): Overview of Process Investigations in the Spyderbat Console — the Records Panel, Causal Tree, and Details Panel for visual causal analysis of Spydertraces.
- [Search](https://docs.spyderbat.com/concepts/search.md): Detailed overview of the Search tab in the console and the Spyderbat search language it uses.
- [Saved Searches](https://docs.spyderbat.com/concepts/search/saved-search.md): Store and reuse search queries in Spyderbat. Enable notifications and SIEM forwarding on saved queries to automate alerting and event delivery.
- [Summarize](https://docs.spyderbat.com/concepts/summarize.md)
- [Spydertrace Summarize](https://docs.spyderbat.com/concepts/summarize/spydertrace-summarize.md)
- [Dashboards](https://docs.spyderbat.com/concepts/dashboards.md): Detailed overview of the Dashboard section of the console, including collected types of data, data management (sorting, filtering and grouping), and shortest path to investigating suspicious activity.
- [Dashboard Categories](https://docs.spyderbat.com/concepts/dashboards/spyderbat-dashboard-categories.md): The seven built-in dashboard categories in Spyderbat: Security, User Tracking, Policy, Operations, Network, Inventory, and Kubernetes. Includes the full list of default cards in each category.
- [Reports](https://docs.spyderbat.com/concepts/reports.md): Overview of the Reporting section of the console, including report creation, review, download and printing.
- [Notifications](https://docs.spyderbat.com/concepts/notifications.md): Get notified when Spyderbat detects operations issues or suspicious behavior at runtime in your environment.
- [Notification Targets](https://docs.spyderbat.com/concepts/notifications/notification-targets.md)
- [Notification Templates](https://docs.spyderbat.com/concepts/notifications/notification-templates.md)
- [Actions](https://docs.spyderbat.com/concepts/actions.md): Overview of manual response actions that can be executed in the UI, including killing a process or killing a pod.
- [Integrations](https://docs.spyderbat.com/concepts/integrations.md): Integrate Spyderbat with your existing security infrastructure — route events to your SIEM, connect AWS accounts, and forward data to external tools.
- [SIEM Forwarding](https://docs.spyderbat.com/concepts/integrations/siem-forwarding.md): How Spyderbat SIEM forwarding works — enabling forwarding on saved queries and deploying the Event Forwarder to deliver events to your SIEM.
- [AWS Integration](https://docs.spyderbat.com/concepts/integrations/aws.md): Overview of the AWS Context Integration using the AWS Agent
- [Spyderbat Event Forwarder](https://docs.spyderbat.com/concepts/integrations/spyderbat-event-forwarder.md): The Spyderbat Event Forwarder polls the SIEM forwarding API and delivers events to your SIEM, log management platform, or any HTTP endpoint.
- [Suppression & Tuning](https://docs.spyderbat.com/concepts/suppression.md)
- [Scout (Detections)](https://docs.spyderbat.com/concepts/scout.md)
- [Spydertraces](https://docs.spyderbat.com/concepts/scout/spydertraces.md): A Spydertrace is a causally connected record of system activity. This page explains how traces are triggered, scored, and reviewed by analysts.
- [Custom Flags](https://docs.spyderbat.com/concepts/scout/custom-flags.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.spyderbat.com/concepts.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.